Mekotio IOCs

SHA1
3c15b6eba84e2a3551b6af19ad0ab651d2f1594f		Trojan.BAT.MEKOTIO.B
a4dd8adc9b7b282700bec089f3204eccb64d2c0e
09672e9208fd30511ed8d779f5769b159116c88b
50e471381a14a8c728a54294d75797163ce6922e
e8e3e4eaff9d523b9c51c546989e636ee29558ef
93ee0b789fba41aa227f4d7b4a39698fc3a89750
6db84b5801a8051f50fa0cc892f73d019188da80
0f34c7bd4a6cab705434b6834b51099d988ffa69
88379ac5a62950c9a8c61ec6c8dfb3d8b532c662
d1964a6fe0edb2af4c3e86ab829ed7d527de4f23
a8efbcc60315590f70460de75c03e798fd481f26
39f201e22496af8fb55128eaeaac95789d37f9c2
d33ed76c556857ba218287d36ab11e7af14181dc
f9f43ae7f455bdaddc0ace89cf1e7458e9963a38
592bd68232eefdcc1ad5f9a6262b75c878c7e6e0
45ff1a197d57047c1b59dae7c3e18f309958eb19
988863c5cde6ce19863c455474a77c49c86072e1
6a565360b6d1a1f122ae750f168e8f5a6822e0f7
6299c046bf1e01a88c0fdc2953eea68995c8acf8
9276b03c5d713ba51bab13873dfdb40b28f2a7d8
90d1fa684ed6f44b6bd858858791e8695a04799b
c782c9a11fcd6d43055aeeaed714a46a85c5b5e0
f96b317469440163d8c883add2c9f82d68164fdc
4d3e97b9f8b1ffc17b7c8c00710d7260bde3fa4a
6d93b56c6066d8a495de0e36e20388ce86267c44
a65d19c1a3ddc7cb01217dd25757e080b9023c90
0199e31719ee5d611385af31fb3821d40473a46f
0199e31719ee5d611385af31fb3821d40473a46f
3a3dc310e4ad599f9f2b3d9caf139379c68926a2
8ec8f961ffdb43bf3462360f143444aa9f849f8c
98c8fcc63f8447b7049e23a9b1991032d679b887
54b1a42b0c4af1d46307e16f67e44dde2f6ff24a
7a822478cbd318c09bbc98f16544e5e1e4cbae9a
07f06d5c230784618eb54fdf952872f7b3dc3854
2149aeec361ec8d4c3596679fa718fc6235e85aa
acb3242443827598e9a3367fd4e35f2b679e619a
4f6b13e2d863f6826a4e69ad0ca84c61cd9822f2
974404a00d0dcbd11e2a50650f0d80674c13bdde
01aa8ea7d37ffbea60b567d4d1b9fa5b4093586c
d581f9f8334e159e2667f67f170471d4ead06c94
9a0c241e182f81dd498354f7546e47c6255c14f0

SHA1 - PowerShell
0a9bba01290233999c9298605cb878bf20296087		Trojan.PS1.MEKOTIO.AA
2a06d162f1d461f36fa63002e055223ec07da02e
475f48c149dd9bf4ce5246538425e1f87505b83c

SITES
hxxps[://]crgaestudiojuridicoujko[.]isageek[.]net
hxxps[://]crgaestudiojuridicoujko[.]isageek[.]net
hxxps[://]2aQRFDIQFEW5tZLsTRkFKKbLzaorKTbRJNcTI27mGpO4Hd2LEgDanLZ40Gss[.]b-cdn[.]net
hxxps[://]c0m45f8wfr0AXxwGObF8IXlakEaMcnkU4UFVlNlOkhUqjYCVBhrMX2nruV1p[.]b-cdn[.]net
hxxps[://]5OS4X7KAvxY11gjE3lfKGHUqbwswTGMf4jmy3FX0foOsDp1ESfdmtLms2pzi[.]b-cdn[.]net
hxxps[://]3XS8FBP6rB5oDi8YsQKATFXJzIEdFPV1JBjO00upG7GqO6uNq9xtJ4o3TtoG[.]b-cdn[.]net
hxxp[://]37[.]148[.]205[.]26/contadores/m4Ii5mn[.]php?loTXe
hxxp[://]37[.]148[.]205[.]26/contadores/m4Ii5mn[.]php?loTX=w9d2PIfe8t72FHhKOw1PN1EQWGP2ylYFYLIMtZka0UPFOkYTUjq44k8tdOQhFkfeE1u
hxxp://50[.]62[.]182[.]1/contadores/37[.]148[.]205[.]26:9095


BBTok IOCS

SHA1
a2d7127d6708ee44aec1ab602b11f89956e8d39d		Trojan.MSIL.BBTOK.A
67e01ea92f0dd5840744f62b79a219fd75301b16
acd04413c6432fd3ffa37ef33bb983d2a7b575eb
1891b4f0737b080df18e4833ef90f1d05c696e1d
5b7ed30b3639e2514f7b2fc0e3f9515a539ba287
4638cf376eeef422ba1c865891a2b00150bdeed4		Trojan.MSIL.BBTOK.A
5f3580e83d1bb2bcb48d68e6926109b2aa72bbe6
8cd5bf92cfdc95bcee5c47b2cf86b3be2b8730f6
080cfe8a4e7dcd388cf5459fcce96b2b1a7090ba